Notice of Privacy Practices (In-Store Prosthesis Program)
Effective Date: April 14, 2003
Revised Effective Date: March 2, 2026
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Nordstrom, Inc. (“Nordstrom,” “our,” “we,” “us”) is required by law to maintain the privacy of your protected health information (“PHI”), to provide you with this Notice of our legal duties and privacy practices, and to notify you following a breach of your unsecured PHI.
We are required to abide by the terms of the Notice currently in effect.
This Notice applies only to the PHI of customers of our In-Store Prosthesis Program (“Prosthesis Program”), and PHI collected, created, and maintained in connection with the Prosthesis Program. This PHI may include, for example, your personal identifiers, insurance information, medical history and diagnoses, prosthetics prescriptions or referrals, assessments, measurements, and treatment records. This Notice does not apply to our online prosthetics business which does not collect, create, or receive any health information.
We are designated as a HIPAA Hybrid Entity. This means that only certain parts of our company perform functions that make us subject to the HIPAA Privacy Rule. Those parts are our “Designated Health Care Components,” which include our Prosthesis Program and internal administrative departments that support our Prosthesis Program and have access to PHI. This Notice applies only to these Designated Health Care Components and their workforce members. We may share PHI among our Designated Health Care Components as permitted by law for treatment, payment, and healthcare operations. The non-health care components of Nordstrom, Inc. generally are not covered by this Notice and do not have access to PHI unless the law allows or you authorize the disclosure.
The safeguards described in this Notice are intended to comply with federal regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
YOUR RIGHTS
You have the right to know how we use or disclose your PHI. You also have the right to:
- Request restrictions on how we use or disclose your PHI; however, in most cases, we are not required to agree to any requested restrictions. We are required to comply with your request to restrict disclosures of PHI if the PHI relates solely to a health care item or service for which you paid in full, and if the disclosures are for the purpose of carrying out payment or health care operations and are not otherwise required by law.
- Request to receive confidential communications from us at an alternative location or by alternative means. For example, you can ask us to contact you only at work or only by mail. We will honor reasonable requests.
- Inspect and copy your PHI that is used to make decisions about your treatment or payment for your care. In some circumstances (for example, in the case of psychotherapy notes), we may deny your request to inspect and copy your PHI. Also, if we maintain your PHI in an “electronic health record,” you can receive a copy electronically or ask us to send the record electronically to a third party. The term “electronic health record” means an electronic record of health-related information about you that is created, gathered, managed, and consulted by us. We may charge a fee for the costs of copying, mailing or other supplies associated with your request.
- Request to amend or correct the PHI maintained for you by us. However, we are not required to comply with your request if we believe your information is accurate and complete. We also are not required to amend PHI that was not created by us, is not part of the medical, billing, or other records maintained by us or used by us to make decisions about you, or is not part of the PHI that you would be permitted to inspect or copy. Your request must include a reason to support your request. If your request is denied, we will provide you with an explanation of the reason for the denial. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement of disagreement.
- Request an accounting of any disclosures of your PHI made by us for purposes other than those related to treatment, payment or health care operations, pursuant to your authorization or under certain other circumstances. Your request must specify a time period not longer than six years from the date of the request. The accounting will not include disclosures (1) that were made for treatment, payment or health care operations purposes; (2) that were authorized by you; (3) that were made to friends or family members in your presence or because of an emergency; (4) that were made for national security purposes, or (5) that were incidental to otherwise permissible disclosures. The first list you request within a 12-month period will be provided free of charge. Additional lists will be subject to a reasonable charge.
- Receive notice if there is a breach of your unsecured PHI (i.e., your PHI is disclosed in violation of HIPAA and there is more than a low probability that the PHI has been compromised). If it is determined from our risk assessment that a breach has occurred, you will be notified without unreasonable delay and no later than 60 days after our discovery of the breach. The notification will include information about what happened and what may be done to mitigate any harm.
- Request and receive a paper copy of this Notice of Privacy Practices.
- Choose someone to act on your behalf (i.e., designation of a healthcare power of attorney or personal representative) by exercising your rights and making decisions about your health information.
- In order to exercise your rights, you must complete the appropriate request form developed by us. These forms and a copy of this Notice can be obtained on our website at prosthesisprogram@nordstrom.com or by contacting our Privacy Officer at the contact information below. Except as described above, you will not be charged a fee associated with your request. If your request is denied, in most cases you have the right to request a review of the denial.
HOW WE MAY USE AND DISCLOSE YOUR PHI WITHOUT YOUR AUTHORIZATION
We may use or disclose your PHI in the following situations without obtaining your consent or authorization.
Treatment
We may use or disclose your PHI to provide you prosthesis products and services in our stores. For example, we may contact your doctor for additional information about your medical condition or share your PHI with employees who will fit you for prosthetic products.
Payment
We may use or disclose your PHI to obtain payment for services that we have provided. For example, we may submit information to your health plan to verify coverage, obtain prior authorization, or obtain reimbursement.
Health Care Operations
We may use and disclose your PHI for our operations, such as quality assessment and improvement, patient safety, training, licensing, credentialing, internal audits, legal services, and business planning and management.
As Required by Law
We may disclose PHI about you when required to do so by federal, state or local law. For example, we may disclose PHI to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy or laws that apply to billing federal health care programs for services that we provide to you.
Health Oversight Activities
We may use or disclose your PHI for legally authorized health oversight activities, including audits, investigations, inspections and licensure of health care providers, as well as disciplinary, civil, or criminal proceedings or actions.
Lawsuits and Disputes
We may disclose PHI about you when required for judicial or administrative proceedings in response to a court or administrative order, or in response to a subpoena, discovery request or other lawful process. If the requesting party is not the court, the requesting party must have made a good faith attempt to inform you of the proceeding and permit you to raise an objection or obtain an order protecting the information requested.
Law Enforcement
We may disclose PHI to a law enforcement official:
- As required to report certain wounds or other physical injuries
- In response to a court order, subpoena, warrant, summons or similar process
- To identify or locate a suspect, fugitive, material witness or missing person
- To provide information about the victim of a crime if, under certain circumstances, we are unable to obtain your agreement
- To provide information about a death that may be the result of criminal conduct
- To provide information about criminal conduct that we believe occurred on our premises
Serious Threat to Health or Safety
We may use or disclose your PHI if necessary to prevent or lessen a serious and imminent threat to your health and safety or to the health and safety of the public or another person. With certain exceptions, PHI may also be disclosed in order to assist law enforcement in identifying or apprehending an individual participating in a violent crime, or when an individual has escaped from a correctional institution or other lawful custody. Should these uses or disclosures be necessary, we will use or disclose the PHI in a manner consistent with applicable laws and ethical standards.
Family Members and Friends
In limited circumstances, we may disclose PHI to your friends or family members whom you identify as being involved in your care or payment for your care if: (1) you are present and do not object to the disclosure, or (2) you are not present and we determine that the disclosure would be in your best interests, based on our professional judgment.
Business Associates
We may disclose PHI to our business associates to perform certain administrative, billing, technology, and other functions or services for us. For example, business associates may include accountants and attorneys. Business associates may receive, create, maintain, and/or disclose your PHI without your authorization, but only after the business associate agrees in writing with us to limit its uses and disclosures to proper purposes and to implement appropriate safeguards regarding your PHI.
Personal Representatives
We may also disclose your PHI to individuals authorized by you, or to an individual designated as your personal representative, so long as you provide us with a written notice or authorization and any supporting documents (i.e., healthcare power of attorney or designation of personal representative). However, we do not have to disclose information to a personal representative if we have a reasonable belief that (1) you have been, or may be subjected to domestic violence, abuse or neglect by such person; (2) treating such person as your personal representative could endanger you; or (3) it is not in your best interest to treat the person as your personal representative.
Other Disclosures Permitted by Law
We may use or disclose your PHI as permitted by law without your authorization. For example, we may disclose PHI in the following situations:
- To comply with laws relating to workers’ compensation or similar programs that provide benefits for work-related injuries or illnesses.
- To prevent or lessen a serious and imminent threat to your health and safety or to the health and safety of the public.
- To share information in a disaster relief situation.
- In response to an administrative or court order or a request for information in a lawsuit involving you.
- In relation to public health activities, such as preventing or controlling disease.
- If you are a member of the armed forces, we may disclose PHI about you as required by military command authorities if those authorities have provided proper notice. We may also disclose PHI about foreign military personnel to the appropriate foreign military authority.
- We may disclose PHI about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
- If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose PHI about you to the correctional institution or law enforcement official. This disclosure would be necessary (1) for the institution to provide you with health care, (2) to protect your health and safety or the health and safety of others, (3) for law enforcement on the premises of the correctional institution; or (4) for the safety and security of the correctional institution.
- We may disclose PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors as necessary to carry out their duties.
- We may disclose PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank as necessary to facilitate organ or tissue donation and transplantation.
- We may disclose PHI for research (subject to approval by institutional or private privacy review boards and subject to certain other conditions).
- We may disclose PHI to the appropriate government authority about an individual whom we reasonably believe to be a victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree, if required by law, or when otherwise authorized by law and the disclosure is necessary to prevent serious harm to you or other potential victims.
Other Restrictions on the Use and Disclosure of PHI
Certain types of PHI may be subject to additional protections under federal or state law. For example, psychotherapy notes, certain substance use disorder treatment records, mental health records, HIV/AIDS-related information, genetic information, and reproductive health information may require your written authorization for most uses or disclosures, or may have stricter limits. When more protective laws apply, we will follow those laws.
YOUR AUTHORIZATION
Other than for the purposes stated above or disclosures to you, we may not use or disclose your PHI without your written authorization. You may revoke an authorization in writing at any time. However, we cannot take back any disclosures of PHI we have already made with your authorization.
The following disclosures will be made only with your written authorization:
- Most uses and disclosures of psychotherapy notes.
- Uses and disclosures of your medical information for marketing purposes.
- Disclosures that would constitute the sale of your medical information.
- Other uses and disclosures not described in this Notice.
OUR RESPONSIBILITIES
We comply with all legal requirements to:
- Maintain the privacy of your PHI
- Provide you with this Notice of our legal duties and privacy practices
- Notify you following a breach of your unsecured PHI
- Abide by the terms of this Notice
We reserve the right to change the terms of this Notice. New provisions will be effective for all PHI we currently have and PHI we receive in the future. If this Notice is revised, the revised Notice will be available upon request and posted at our service sites and on our website. The effective date of this Notice is stated on the first page of this Notice.
We will ask you to sign an acknowledgement that you received this Notice. Your receipt or lack of acknowledgement does not affect your eligibility for treatment or benefits.
Except as expressly noted, this Notice relates to PHI only and does not affect our information practices with respect to other information. The examples contained in this Notice are examples only and are not intended to be exhaustive.
COMPLAINTS AND CONCERNS
We take the protection of your PHI seriously. If you believe your privacy rights concerning your PHI have been violated, you may make a formal complaint directly to us or with the Secretary of Health & Human Services. You will not be retaliated against for filing a complaint.
To file a complaint with us, contact the Nordstrom Privacy Officer at the address listed in the "Contacts" section below.
You may file a complaint with the Secretary of Health & Human Services by submitting a detailed written description of the issue to your regional Office for Civil Rights. Your description must name the covered entity (Nordstrom, Inc.) and what action (or lack of action) you believe has violated HIPAA. Your complaint must be submitted within 180 days of when you knew or should have known of the issue, unless this deadline is waived by the Office for Civil Rights. You can find the address for your regional office and information about submitting an online complaint at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.
CONTACTS
Your comments, questions or complaints regarding this Notice or the privacy of your PHI, or to request further information, should be directed to:
Privacy Officer - Nordstrom Corporate Prosthesis Program
1617 6th Avenue, 5th Floor
Seattle, WA 98101
1.800.804.1502 (Prosthesis Hotline)
prosthesisprogram@nordstrom.com